
7 matches found

NVD
added 2026/03/16 6:16 p.m. | 1 view

CVE-2026-28490

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management algorithm. Authlib registe...

CVSS 8.3 | EPSS 0.00016
Exploits: 1 | References: 3
OSV
added 2026/03/16 5:37 p.m. | 3 views

CVE-2026-28490 Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management algorithm. Authlib registe...

CVSS 8.3 | AI score 5.8 | EPSS 0.00016
Exploits: 1 | References: 5
Tenable Nessus
added 2026/03/16 12:00 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2026-28490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified i...

CVSS 8.3 | AI score 5.8 | EPSS 0.00016
Exploits: 1 | References: 3
IBM Security Bulletins
added 2023/07/21 4:51 p.m. | 27 views

Security Bulletin: Multiple vulnerabilities affect the embedded Content Navigator in Business Automation Workflow - CVE-2023-24998, 254437

Summary: The embedded Content Navigator in IBM Business Automation Workflow is affected by multiple vulnerabilities. Vulnerability Details: CVEID: CVE-2023-24998. DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of request parts t...

CVSS 7.5 | AI score 7.9 | EPSS 0.339
Exploits: 1 | Affected Software: 2
IBM Security Bulletins
added 2023/07/14 11:39 p.m. | 11 views

Security Bulletin: IBM InfoSphere Information Server is affected but not vulnerable to a vulnerability in jose.4j

Summary: An information disclosure vulnerability in jose.4j used by InfoSphere Information Server was addressed. Vulnerability Details: IBM X-Force ID: 254437. DESCRIPTION: jose.4j could allow a remote attacker to obtain sensitive information, caused by a chosen ciphertext attack in RSA1_5. By utili...

AI score 6.4
Exploits: 0 | Affected Software: 1
Veracode
added 2023/05/04 5:13 a.m. | 12 views

Improper Cryptographic Algorithm

jose4j is vulnerable to Improper Cryptographic Algorithm. The vulnerability exists due to the way RSA1_5 and RSAOAEP are implemented, allowing an attacker to decrypt RSA1_5 or RSAOAEP encrypted ciphertexts, and in addition, it may be feasible to sign with affected keys...

AI score 6.7
Exploits: 0
GitHub Security Blog
added 2023/04/27 11:52 p.m. | 55 views

Chosen Ciphertext Attack in Jose4j

Summary: RSA1_5 in jose4j is susceptible to chosen ciphertext attacks. The attack allows decryption of RSA1_5 or RSAOAEP encrypted ciphertexts. It may be feasible to sign with affected keys. Severity: Moderate - exploiting this ciphertext attack could result in the ability to decrypt RSA1_5 or RSAOAEP...

AI score 6.6
Exploits: 0 | References: 5 | Affected Software: 1